Lucene search

Google_androidCVE-2017-13187

HistoryJan 12, 2018 - 11:29 p.m.

CVE-2017-13187

2018-01-1223:29:00

CWE-200

google_android

web.nvd.nist.gov

cve

2017

13187

android

media

libhevc

disclosure

vulnerability

nvd

information security

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

44.2%

JSON

An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175.

Affected configurations

Nvd

Vulners

Node

googleandroidMatch5.1.1

googleandroidMatch6.0

googleandroidMatch6.0.1

googleandroidMatch7.0

googleandroidMatch7.1.1

googleandroidMatch7.1.2

googleandroidMatch8.0

googleandroidMatch8.1

VendorProductVersionCPE
googleandroid5.1.1cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
googleandroid6.0cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
googleandroid6.0.1cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
googleandroid7.0cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
googleandroid7.1.1cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
googleandroid7.1.2cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
googleandroid8.0cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
googleandroid8.1cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	5.1.1	cpe:2.3:o:google:android:5.1.1:::::::*
google	android	6.0	cpe:2.3:o:google:android:6.0:::::::*
google	android	6.0.1	cpe:2.3:o:google:android:6.0.1:::::::*
google	android	7.0	cpe:2.3:o:google:android:7.0:::::::*
google	android	7.1.1	cpe:2.3:o:google:android:7.1.1:::::::*
google	android	7.1.2	cpe:2.3:o:google:android:7.1.2:::::::*
google	android	8.0	cpe:2.3:o:google:android:8.0:::::::*
google	android	8.1	cpe:2.3:o:google:android:8.1:::::::*

CNA Affected

[
  {
    "product": "Android",
    "vendor": "Google Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "7.1.1"
      },
      {
        "status": "affected",
        "version": "7.1.2"
      },
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "8.1"
      }
    ]
  }
]

References

android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5

source.android.com/security/bulletin/pixel/2018-01-01

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

44.2%

JSON

Related for CVE-2017-13187